发表新帖
发表新帖

openssl command line to verify the signature

后端 未结
关注
4 1836
名媛妹妹
名媛妹妹 2020-12-24 06:47

Hi I have generated a key pair and used the private key to generate a signature.

openssl rsautl -sign -in helloworld.txt -inkey aa.pem -out sig
相关标签:
4条回答
  • 伪装坚强ぢ
    2020-12-24 07:14

    your method is basically correct. What you miss is to tell rsautl that the inut key file file is a public key by add "-pubin". The item "-pubin" OpenSSL rsautl document isn't accurate " -pubin the input file is an RSA public key. " should be " -pubin the input key file is an RSA public key. " Since the input file should be a signature file.

    0 讨论(0)
  • -上瘾入骨i
    2020-12-24 07:15

    Verify using public key

    echo "plop" > "helloworld.txt"
openssl rsautl -sign -in hello.txt -inkey private.pem -out sig
openssl rsautl -verify -in sig -inkey public.pem -pubin
> plop
    0 讨论(0)
  • 长情又很酷
    2020-12-24 07:19

    I found two solutions to your problem.

    You can use rsautl that way: (with private key: my.key and public key my-pub.pem)

    $ openssl rsautl -sign -inkey my.key -out in.txt.rsa -in in.txt
Enter pass phrase for my.key:
$ openssl rsautl -verify -inkey my-pub.pem -in in.txt.rsa -pubin
Bonjour

    With this method, all the document is included within the signature file and is outputted by the final command.

    But in my case, my certificate says: Signature Algorithm: sha1WithRSAEncryption. So I would recommend you to use the standard way of signing document in 4 steps: (This method is used for all asymmetric electronic signatures in order not to overcharge the signature file and/or CPU usage)

    1. Create digest of document to sign (sender)
    2. Sign digest with private key (sender)
    3. Create digest of document to verify (recipient)
    4. Verify signature with public key (recipient)

    OpenSSL does this in two steps: 

    $ openssl dgst -sha256 -sign my.key -out in.txt.sha256 in.txt 
Enter pass phrase for my.key:
$ openssl dgst -sha256 -verify my-pub.pem -signature in.txt.sha256 in.txt  
Verified OK

    With this method, you sent the recipient two documents: the original file plain text, the signature file signed digest. Attention: the signature file does not include the whole document! Only the digest.

    0 讨论(0)
  • 深忆病人
    2020-12-24 07:21

    You can check the doc for rsautl

    In your example, this would give :

    openssl rsautl -verify -in sig -inkey aa.pem

    I have copied my full history below :

    echo "plop" > "helloworld.txt"
openssl rsautl -sign -in helloworld.txt -inkey aa.pem -out sig
openssl rsautl -verify -in sig -inkey aa.pem
> plop
    0 讨论(0)
 看不清?
提交回复
热议问题